/*
 Password Encryption Controller

 Copyright 2013 Thincast Technologies GmbH, Author: Dorian Johnson

 This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
 If a copy of the MPL was not distributed with this file, You can obtain one at
 http://mozilla.org/MPL/2.0/.
 */

#import "EncryptionController.h"
#import "SFHFKeychainUtils.h"
#import "TSXAdditions.h"

@interface EncryptionController (Private)

- (BOOL)verifyPassword:(Encryptor *)decryptor;
- (NSData *)encryptedVerificationData;
- (void)setEncryptedVerificationData:(Encryptor *)encryptor;

- (NSString *)keychainServerName;
- (NSString *)keychainUsername;
- (void)setKeychainPassword:(NSString *)password;
- (NSString *)keychainPassword;
- (NSString *)keychainDefaultPassword;

@end

static EncryptionController *_shared_encryption_controller = nil;

#pragma mark -

@implementation EncryptionController

+ (EncryptionController *)sharedEncryptionController
{
	@synchronized(self)
	{
		if (_shared_encryption_controller == nil)
			_shared_encryption_controller = [[EncryptionController alloc] init];
	}

	return _shared_encryption_controller;
}

#pragma mark Getting an encryptor or decryptor

- (Encryptor *)encryptor
{
	if (_shared_encryptor)
		return _shared_encryptor;

	NSString *saved_password = [self keychainPassword];
	if (saved_password == nil)
	{
		saved_password = [self keychainDefaultPassword];
		Encryptor *encryptor = [[[Encryptor alloc] initWithPassword:saved_password] autorelease];
		[self setEncryptedVerificationData:encryptor];
		_shared_encryptor = [encryptor retain];
	}
	else
	{
		Encryptor *encryptor = [[[Encryptor alloc] initWithPassword:saved_password] autorelease];
		if ([self verifyPassword:encryptor])
			_shared_encryptor = [encryptor retain];
	}

	return _shared_encryptor;
}

// For the current implementation, decryptors and encryptors are equivilant.
- (Encryptor *)decryptor
{
	return [self encryptor];
}

@end

#pragma mark -

@implementation EncryptionController (Private)

#pragma mark -
#pragma mark Keychain password storage

- (NSString *)keychainServerName
{
	return [[[NSBundle mainBundle] infoDictionary] objectForKey:@"CFBundleName"];
}

- (NSString *)keychainUsername
{
	return @"master.password";
}

- (void)setKeychainPassword:(NSString *)password
{
	NSError *error;
	if (password == nil)
	{
		[SFHFKeychainUtils deleteItemForUsername:[self keychainUsername]
		                           andServerName:[self keychainServerName]
		                                   error:&error];
		return;
	}

	[SFHFKeychainUtils storeUsername:[self keychainUsername]
	                     andPassword:password
	                   forServerName:[self keychainServerName]
	                  updateExisting:YES
	                           error:&error];
}

- (NSString *)keychainPassword
{
	NSError *error;
	return [SFHFKeychainUtils getPasswordForUsername:[self keychainUsername]
	                                   andServerName:[self keychainServerName]
	                                           error:&error];
}

- (NSString *)keychainDefaultPassword
{
	NSString *password = [[NSUserDefaults standardUserDefaults] stringForKey:@"UUID"];
	if ([password length] == 0)
	{
		password = [NSString stringWithUUID];
		[[NSUserDefaults standardUserDefaults] setObject:password forKey:@"UUID"];
		[[NSUserDefaults standardUserDefaults] removeObjectForKey:@"TSXMasterPasswordVerification"];
	}
	return password;
}

#pragma mark -
#pragma mark Verification of encryption key against verification data

- (BOOL)verifyPassword:(Encryptor *)decryptor
{
	return [[decryptor plaintextPassword]
	    isEqualToString:[decryptor decryptString:[self encryptedVerificationData]]];
}

- (NSData *)encryptedVerificationData
{
	return [[NSUserDefaults standardUserDefaults] dataForKey:@"TSXMasterPasswordVerification"];
}

- (void)setEncryptedVerificationData:(Encryptor *)encryptor
{
	[[NSUserDefaults standardUserDefaults]
	    setObject:[encryptor encryptString:[encryptor plaintextPassword]]
	       forKey:@"TSXMasterPasswordVerification"];
}

@end
